feat: move vcluster charts to charts/

.gitlab-ci.yml

@@ -14,8 +14,8 @@ release:
   script:
     - |
       cd $CI_PROJECT_DIR
-      for i in $(git show --pretty="" --name-only | grep '^[^/]*/chart/Chart.yaml' | cut -d/ -f1); do
-        pack=$(helm package $i/chart | sed 's/Success.*: \(.*\)/\1/')
+      for i in $(git show --pretty="" --name-only | grep '^charts/.*/Chart.yaml' | cut -d/ -f2); do
+        pack=$(helm package ./charts/$i | sed 's/Success.*: \(.*\)/\1/')
         if [ ! -z $pack ]; then
           chart=$(basename $pack)
           curl --request POST \
@@ -33,8 +33,8 @@ rebuild:
   script:
     - |
       cd $CI_PROJECT_DIR
-      for i in $(find -maxdepth 3 -name Chart.yaml | cut -d/ -f2); do
-        pack=$(helm package $i/chart | sed 's/Success.*: \(.*\)/\1/')
+      for i in $(find ./charts -maxdepth 2 -name Chart.yaml | cut -d/ -f3); do
+        pack=$(helm package ./charts/$i | sed 's/Success.*: \(.*\)/\1/')
         if [ ! -z $pack ]; then
           chart=$(basename $pack)
           curl --request POST \

applications/archmeister.yaml

@@ -13,7 +13,7 @@ spec:
         hostname: archmeister.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster:443
+      - cluster: https://staging-vcluster.staging-vcluster
         env: staging
         hostname: archmeister.beta.oceanbox.io
         autoSync: true
@@ -28,8 +28,8 @@ spec:
         server: "{{ .cluster }}"
       sources:
       - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/archmeister
+        targetRevision: main
+        path: manifests/archmeister
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:
@@ -43,4 +43,5 @@ spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

applications/atlantis-host-resources.yaml

@@ -4,13 +4,18 @@ metadata:
   name: atlantis-host-cluster-resources
   namespace: argocd
 spec:
-  project: atlantis
+  project: aux
   destination:
     server: https://kubernetes.default.svc
   syncPolicy:
-    automated: {}
-  source:
-    repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: dev
+    automated:
+      prune: false
+      selfHeal: false
+  sources:
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: main
     path: resources/atlantis/host-manifests
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: main
+    path: 'resources/atlantis/manifests/prod'
 

applications/atlantis-resources.yaml

@@ -4,24 +4,35 @@ metadata:
   name: atlantis-resources
   namespace: argocd
 spec:
+  goTemplate: true
   generators:
   - list:
       elements:
       - cluster: https://kubernetes.default.svc
         env: prod
-      - cluster: https://staging-vcluster.staging-vcluster:443
-        env: staging
+        autoSync: false
+        prune: false
+      # - cluster: https://staging-vcluster.staging-vcluster
+      #   env: staging
   template:
     metadata:
-      name: '{{ env }}-atlantis-resources'
+      name: "{{ .env }}-atlantis-resources"
     spec:
-      project: atlantis
+      project: aux
       syncPolicy:
         automated: {}
       destination:
-        server: '{{ cluster }}'
+        server: "{{ .cluster }}"
         namespace: atlantis
-      sources:
-      - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: 'resources/atlantis/manifests/{{ env }}'
+      sources: {}
+      # - repoURL: https://gitlab.com/oceanbox/manifests.git
+      #   targetRevision: main
+      #   path: 'resources/atlantis/manifests/{{ env }}'
+  templatePatch: |
+    {{- if .autoSync }}
+    spec:
+      syncPolicy:
+        automated:
+          prune: {{ .prune }}
+          selfHeal: false
+    {{- end }}

applications/atlantis.yaml

@@ -13,7 +13,7 @@ spec:
         hostname: atlantis.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster:443
+      - cluster: https://staging-vcluster.staging-vcluster
         env: staging
         hostname: atlantis.beta.oceanbox.io
         autoSync: true
@@ -28,8 +28,8 @@ spec:
         server: '{{ .cluster }}'
       sources:
       - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/atlantis
+        targetRevision: main
+        path: manifests/atlantis
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:
@@ -37,13 +37,11 @@ spec:
             string: '{{ .env }}'
           - name: hostname
             string: '{{ .hostname }}'
-      - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/atlantis/manifests
   templatePatch: |
     {{- if .autoSync }}
     spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

applications/busynix.yaml

@@ -10,21 +10,21 @@ spec:
       - cluster: https://kubernetes.default.svc
         env: prod
         hostname: busynix.srv.oceanbox.io
-      - cluster: https://staging-vcluster.staging-vcluster:443
+      - cluster: https://staging-vcluster.staging-vcluster
         env: staging
         hostname: busynix.beta.oceanbox.io
   template:
     metadata:
       name: '{{ env }}-busynix'
     spec:
-      project: atlantis
+      project: aux
       destination:
         namespace: default
         server: '{{ cluster }}'
       source:
         repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/busynix
+        targetRevision: main
+        path: manifests/busynix
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:

applications/cerbos.yaml

@@ -9,13 +9,13 @@ spec:
       elements:
       - cluster: https://kubernetes.default.svc
         env: prod
-      - cluster: https://staging-vcluster.staging-vcluster:443
+      - cluster: https://staging-vcluster.staging-vcluster
         env: staging
   template:
     metadata:
       name: '{{ env }}-cerbos'
     spec:
-      project: atlantis
+      project: aux
       destination:
         server: https://kubernetes.default.svc
         namespace: idp
@@ -25,8 +25,8 @@ spec:
           chart: cerbos
           helm:
             valueFiles:
-              - $values/charts/cerbos/values.yaml
-              - $values/charts/cerbos/values-{{ env }}.yaml
+              - $values/manifests/cerbos/values.yaml
+              - $values/manifests/cerbos/values-{{ env }}.yaml
         - repoURL: https://gitlab.com/oceanbox/manifests.git
-          targetRevision: dev
+          targetRevision: main
           ref: values

applications/dex.yaml

@@ -4,12 +4,12 @@ metadata:
   name: dex
   namespace: argocd
 spec:
-  project: atlantis
+  project: aux
   destination:
     server: https://kubernetes.default.svc
     namespace: idp
   source:
     repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: dev
-    path: charts/dex/manifests
+    targetRevision: main
+    path: manifests/dex/manifests
 

applications/geoserver.yaml

@@ -17,14 +17,14 @@ spec:
     metadata:
       name: '{{ env }}-geoserver'
     spec:
-      project: atlantis
+      project: aux
       destination:
         server: https://kubernetes.default.svc
         namespace: geoserver
       sources:
       - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/geoserver
+        targetRevision: main
+        path: manifests/geoserver
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:

applications/hipster.yaml

@@ -13,7 +13,7 @@ spec:
         hostname: hipster.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster:443
+      - cluster: https://staging-vcluster.staging-vcluster
         env: staging
         hostname: hipster.beta.oceanbox.io
         autoSync: true
@@ -28,8 +28,8 @@ spec:
         server: '{{ .cluster }}'
       sources:
       - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/hipster
+        targetRevision: main
+        path: manifests/hipster
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:
@@ -43,4 +43,5 @@ spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

applications/jaeger.yaml

@@ -10,13 +10,13 @@ spec:
     namespace: jaeger
   sources:
   - repoURL: https://jaegertracing.github.io/helm-charts
-    targetRevision: 2.50.1
+    targetRevision: 2.54.0
     chart: jaeger-operator
     helm:
       valueFiles:
-        - $values/charts/jaeger/values.yaml
+        - $values/manifests/jaeger/values.yaml
   - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: dev
-    # path: charts/jaeger/manifests
+    targetRevision: main
+    # path: manifests/jaeger/manifests
     ref: values
 

applications/keycloak.yaml

@@ -4,7 +4,7 @@ metadata:
   name: keycloak
   namespace: argocd
 spec:
-  project: atlantis
+  project: aux
   destination:
     server: https://kubernetes.default.svc
     namespace: idp
@@ -14,8 +14,8 @@ spec:
     chart: keycloak
     helm:
       valueFiles:
-        - $values/charts/keycloak/values.yaml
+        - $values/manifests/keycloak/values.yaml
   - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: dev
+    targetRevision: main
     ref: values
 

applications/osm-tile-server.yaml

@@ -10,21 +10,21 @@ spec:
       - cluster: https://kubernetes.default.svc
         env: prod
         hostname: osm.srv.oceanbox.io
-      - cluster: https://staging-vcluster.staging-vcluster:443
+      - cluster: https://staging-vcluster.staging-vcluster
         env: staging
         hostname: osm.beta.oceanbox.io
   template:
     metadata:
       name: '{{ env }}-osm-tile-server'
     spec:
-      project: atlantis
+      project: aux
       destination:
         namespace: oceanbox
         server: '{{ cluster }}'
       source:
         repoURL: https://gitlab.com/oceanbox/charts.git
         targetRevision: HEAD
-        path: charts/osm-tile-server
+        path: manifests/osm-tile-server
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:

applications/petimeter.yaml

@@ -13,7 +13,7 @@ spec:
         hostname: petimeter.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster:443
+      - cluster: https://staging-vcluster.staging-vcluster
         env: staging
         hostname: petimeter.beta.oceanbox.io
         autoSync: true
@@ -28,8 +28,8 @@ spec:
         server: '{{ .cluster }}'
       sources:
       - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/petimeter
+        targetRevision: main
+        path: manifests/petimeter
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:
@@ -38,12 +38,13 @@ spec:
           - name: hostname
             string: '{{ .hostname }}'
       - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/petimeter/manifests
+        targetRevision: main
+        path: manifests/petimeter/manifests
   templatePatch: |
     {{- if .autoSync }}
     spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

applications/rabbitmq.yaml

@@ -17,7 +17,7 @@ spec:
     metadata:
       name: '{{ env }}-rabbitmq'
     spec:
-      project: atlantis
+      project: aux
       destination:
         server: https://kubernetes.default.svc
         namespace: rabbitmq
@@ -27,8 +27,8 @@ spec:
           chart: rabbitmq
           helm:
             valueFiles:
-              - $values/charts/rabbitmq/values-{{ env }}.yaml
+              - $values/manifests/rabbitmq/values-{{ env }}.yaml
         - repoURL: https://gitlab.com/oceanbox/manifests.git
-          targetRevision: dev
-          path: charts/rabbitmq/{{ env }}
+          targetRevision: main
+          path: manifests/rabbitmq/{{ env }}
           ref: values

applications/redis.yaml

@@ -17,7 +17,7 @@ spec:
     metadata:
       name: '{{ env }}-redis'
     spec:
-      project: atlantis
+      project: aux
       destination:
         server: https://kubernetes.default.svc
         namespace: redis
@@ -30,11 +30,11 @@ spec:
         #       - $values/redis/values.yaml
         # - repoURL: https://gitlab.com/oceanbox/manifests.git
         #   targetRevision: HEAD
-        #   path: charts/redis/{{ env }}
+        #   path: manifests/redis/{{ env }}
         #   ref: values
         - repoURL: https://gitlab.com/oceanbox/manifests.git
-          targetRevision: dev
-          path: charts/redis
+          targetRevision: main
+          path: manifests/redis
           plugin:
             name: kustomize-helm-with-rewrite
             parameters:

applications/seq.yaml

@@ -4,7 +4,7 @@ metadata:
   name: seq
   namespace: argocd
 spec:
-  project: atlantis
+  project: aux
   destination:
     server: https://kubernetes.default.svc
     namespace: seq
@@ -14,7 +14,7 @@ spec:
     chart: seq
     helm:
       valueFiles:
-        - $values/charts/seq/values.yaml
+        - $values/manifests/seq/values.yaml
   - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: dev
+    targetRevision: main
     ref: values

applications/sorcerer.yaml

@@ -10,12 +10,12 @@ spec:
       elements:
       - cluster: https://10.255.241.99:4443
         env: prod
-        hostname: sorcerer.srv.archive.oceanbox.io
+        hostname: sorcerer.data.oceanbox.io
         autoSync: false
         prune: true
       - cluster: https://10.255.241.99:4443
         env: staging
-        hostname: sorcerer.beta.archive.oceanbox.io
+        hostname: sorcerer.ekman.oceanbox.io
         autoSync: true
         prune: true
   template:
@@ -24,12 +24,12 @@ spec:
     spec:
       project: atlantis
       destination:
-        namespace: oceanbox
+        namespace: sorcerer
         server: '{{ .cluster }}'
       sources:
       - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: dev
-        path: charts/sorcerer
+        targetRevision: main
+        path: manifests/sorcerer
         plugin:
           name: kustomize-helm-with-rewrite
           parameters:
@@ -43,4 +43,5 @@ spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

argo/kustomize-helm-with-rewrite/Dockerfile

@@ -1,10 +1,7 @@
-FROM alpine/k8s:1.28.3
+FROM alpine/k8s:1.28.9
 
 RUN mkdir -p /home/argocd/cmp-server/config/
 COPY plugin.yaml /home/argocd/cmp-server/config/
 
 WORKDIR /plugin
 COPY init.sh get-values.sh generate.sh ./
-
-
-

argo/kustomize-helm-with-rewrite/deploy.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-img=registry.gitlab.com/oceanbox/gitops-manifests/kustomize-helm-with-rewrite
+img=registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite
 tag=${1:-latest}
 
 docker build -t $img:$tag .

argo/staging-vcluster.yaml

@@ -5,14 +5,12 @@ metadata:
     managed-by: argocd.argoproj.io
   labels:
     argocd.argoproj.io/secret-type: cluster
-  name: staging-vcluster
+  name: cluster-staging-vcluster
   namespace: argocd
 stringData:
   config: |
-    {"bearerToken":"eyJhbGciOiJSUzI1NiIsImtpZCI6IlVrakhGancyRzVMajNvQ3Jjb2FEU0kwRnlQeGsxc0Z3OThzLWV6akljVzAifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiLCJodHRwczovL2t1YmVybmV0ZXMuZGVmYXVsdC5zdmMiLCJodHRwczovL2t1YmVybmV0ZXMuZGVmYXVsdCJdLCJleHAiOjIwMjM3MjEwMDksImlhdCI6MTcwODM2MTAwOSwiaXNzIjoiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6Imt1YmUtc3lzdGVtIiwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImFkbWluIiwidWlkIjoiMDRlOGJlZDQtYWUwNy00MTBiLWI4NTYtNzg3MTkzNDAzYjcyIn19LCJuYmYiOjE3MDgzNjEwMDksInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.TJuQb9dpgOU6w42-WSJQmu39CZ7NyXWks6itH5qtUUkOvkwRwEtChV-53epM1HNOpK3mj2IWlJ7MaUb5AVFMx0alUJthBX_kL3mjdvUdn2MbPl-S0UFPclp8JoYeALjwtSFkuch1HqlMT7s-BbhXowo8AVFXDJE3rUJBrzzFqQ_e1IIf327qUfyo_TidwVoiya7q6cRU1n-XsP6sE0cgOxnScHXZ-DpysydjKCqXFYbnz9KYVagsOdK4LPb3x-Qb6Ae4PGJAfo3myzmiha3bTGO8HFF4WmMTWrlqeCXTPjER1vVJ_RQMY_LF4G8Of9zIX-8gvTZLcQAQ6BnlmY4QxQ","tlsClientConfig":{"insecure":true}}
+    {"bearerToken":"eyJhbGciOiJSUzI1NiIsImtpZCI6InhKNmNNemw4V01jR0cxUHJ4ajE3bTdQRDlKd1ZyQUQ0cDFPcXRuVDBFbWsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImUyNjQ2MDgzLTNjMDMtNDc0Ni1iMGIxLWViOGRmMzY3NTNiMiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.hXQzh4mus2yPwXz-EyowgSpOKgOk7uDU8z-dH-sZJ-UgzxQFOxABfkjD4Kb4JYlXrr_zkMO7n_zkaDOl3iFDCDS2Pury7hsIlJNKETYk-_llH0RYI9DYzAB5PkeOyuKhmRq8eklynq5ObPtk7WVuj3Bp-64uSqfX-WvxqoE0dfh0erSVcU7BwwjRdeDnO01xzv5zXXAYkOmk6e5DGOLBdUMD8kDZE0_NEa-MKCVkl78sc2mCsOMOUhzXoCduvc92hfnoFEfoTKe7xHwLeUim4HvVfD9czXOpRtHKXgEsk0UGtj0xg7D70uftUIxpr4a8rbWceM4eyGtXpjPUm1mh1Q","tlsClientConfig":{"insecure":true}}
   name: staging-vcluster
-  server: https://staging-vcluster.staging-vcluster:443
+  server: https://staging-vcluster.staging-vcluster
 type: Opaque
 
-
-

charts/archmeister/Chart.yaml

@@ -12,7 +12,8 @@ description: Archive management for Atlantis
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: v6.17.0
+version: v6.19.5
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v6.17.0
+appVersion: v6.19.5
+

charts/archmeister/prod/appsettings.json

@@ -1,47 +0,0 @@
-{
-    "connString": "Username=app;Password=secret;Host=prod-archmeister-rw;Port=5432;Database=app;Pooling=true;",
-    "oidc": {
-        "issuer": "https://idp.srv.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.srv.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.srv.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.srv.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.srv.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.srv.oceanbox.io/dex/device/code",
-        "clientId": "archmeister",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.srv.oceanbox.io/dex/static/logout.html",
-        "redis": "prod-redis-master.redis.svc,user=default,password=secret",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "allowedOrigins": [
-        "https://maps.oceanbox.io",
-        "https://atlantis.srv.oceanbox.io",
-        "https://maps.relic.oceanbox.io",
-        "https://sorcerer.data.oceanbox.io",
-        "https://sorcerer.hpc.oceanbox.io",
-        "https://jonas-sorcerer.ekman.oceanbox.io",
-        "https://beta.sorcerer.ekman.oceanbox.io",
-        "https://simkir-sorcerer.ekman.oceanbox.io",
-        "https://stig-sorcerer.ekman.oceanbox.io",
-        "https://atlantis.beta.oceanbox.io",
-        "https://jonas-atlantis.beta.oceanbox.io",
-        "https://simkir-atlantis.beta.oceanbox.io",
-        "https://stig-atlantis.beta.oceanbox.io",
-        "https://a.local.oceanbox.io:8080"
-    ],
-    "logService" : "https://seq.oceanbox.io",
-    "logApiKey": "",
-    "cliUsers": [
-        "admin:en-to-tre-fire"
-    ]
-}

charts/archmeister/staging/appsettings.json

@@ -1,42 +0,0 @@
-{
-    "connString": "Username=app;Password=secret;Host=staging-archmeister-rw;Port=5432;Database=app;Pooling=true;",
-    "oidc": {
-        "issuer": "https://idp.srv.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.srv.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.srv.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.srv.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.srv.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.srv.oceanbox.io/dex/device/code",
-        "clientId": "archmeister_dev",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.srv.oceanbox.io/dex/static/logout.html",
-        "redis": "staging-redis-master.redis.svc,user=default,password=secret",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "allowedOrigins": [
-        "https://atlantis.beta.oceanbox.io",
-        "https://sorcerer.beta.data.oceanbox.io",
-        "https://sorcerer.hpc.oceanbox.io",
-        "https://s.local.oceanbox.io:8080",
-        "https://maps.oceanbox.io",
-        "https://jonas-atlantis.beta.oceanbox.io",
-        "https://simkir-atlantis.beta.oceanbox.io",
-        "https://stig-atlantis.beta.oceanbox.io",
-        "https://atlantis.local.oceanbox.io:8080"
-    ],
-    "logService" : "https://seq.oceanbox.io",
-    "logApiKey": "",
-    "cliUsers": [
-        "admin:en-to-tre-fire"
-    ]
-}

charts/archmeister/values-prod.yaml

@@ -1,26 +0,0 @@
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-  hosts:
-    - host: archmeister.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - archmeister.srv.oceanbox.io
-      secretName: prod-archmeister-tls
-
-cluster:
-  backupEnabled: true
-  backupRetention: 60d
-  instances: 2
-
-resources:
-  limits:
-    cpu: 200m
-    memory: 1Gi
-  requests:
-    cpu: 200m
-    memory: 1Gi
-

charts/archmeister/values-staging.yaml

@@ -1,25 +0,0 @@
-image:
-  tag: 04ca077a-debug
-
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    atlantis.oceanbox.io/expose: global
-  hosts:
-    - host: archmeister.beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - archmeister.beta.oceanbox.io
-      secretName: staging-archmeister-tls
-
-resources:
-  limits:
-    cpu: 200m
-    memory: 1Gi
-  requests:
-    cpu: 200m
-    memory: 1Gi
-

charts/archmeister/values.yaml

@@ -5,7 +5,7 @@
 replicaCount: 1
 image:
   repository: registry.gitlab.com/oceanbox/oceanbox.dataagent
-  tag: v6.17.0
+  tag: v6.19.5
   pullPolicy: IfNotPresent
 init:
   enabled: false
@@ -52,13 +52,12 @@ ingress:
       secretName: archmeister-tls
   internal:
     annotations: {}
-  #       nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+    #       nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 persistence:
   enabled: false
   # size: 10G
   # storageClass: ""
   # accessMode: ReadWriteMany
-
 cluster:
   enabled: true
   instances: 1
@@ -74,7 +73,6 @@ cluster:
         - CREATE EXTENSION fuzzystrmatch;
         - CREATE EXTENSION postgis_tiger_geocoder;
         - ALTER USER app WITH SUPERUSER;
-
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little

charts/atlantis/Chart.yaml

@@ -1,7 +1,6 @@
 apiVersion: v2
 name: atlantis
 description: Atlantis map and simulation service
-
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,11 +10,9 @@ description: Atlantis map and simulation service
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 1.0.1
-
+version: v2.78.15
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 0.0.0
+appVersion: v2.78.15

charts/atlantis/staging/appsettings.json

@@ -1,33 +0,0 @@
-{
-    "oidc": {
-        "issuer": "https://idp.srv.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.srv.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.srv.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.srv.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.srv.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.srv.oceanbox.io/dex/device/code",
-        "clientId": "atlantis_dev",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.srv.oceanbox.io/dex/static/logout.html",
-        "redis": "staging-redis-master.redis.svc,user=default,password=secret",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "archmeister" : "https://archmeister.beta.oceanbox.io",
-    "sorcerer" : "https://sorcerer.beta.data.oceanbox.io",
-    "allowedOrigins": [
-        "http://atlantis.beta.oceanbox.io",
-        "https://atlantis.beta.oceanbox.io"
-    ],
-    "logService" : "https://seq.oceanbox.io",
-    "logApiKey": ""
-}

charts/atlantis/values-prod.yaml

@@ -1,27 +0,0 @@
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-  hosts:
-    - host: atlantis.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-    - host: maps.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - atlantis.srv.oceanbox.io
-       - maps.srv.oceanbox.io
-      secretName: atlantis-tls
-
-resources:
-  limits:
-    cpu: 250m
-    memory: 1Gi
-  requests:
-    cpu: 250m
-    memory: 1Gi
-

charts/atlantis/values-staging.yaml

@@ -1,26 +0,0 @@
-image:
-  tag: a41b6229-debug
-
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    # atlantis.oceanbox.io/expose: internal
-  hosts:
-    - host: atlantis.beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - atlantis.beta.oceanbox.io
-      secretName: staging-atlantis-tls
-
-resources:
-  limits:
-    cpu: 250m
-    memory: 1Gi
-  requests:
-    cpu: 250m
-    memory: 1Gi
-

charts/atlantis/values.yaml

@@ -3,27 +3,21 @@
 # Declare variables to be passed into your templates.
 
 replicaCount: 1
-
 image:
   repository: registry.gitlab.com/oceanbox/atlantis
-  tag: v2.77.5
+  tag: v2.78.15
   pullPolicy: IfNotPresent
-
 init:
   enabled: false
   image: ubuntu:rolling
-  command: [ "/bin/sh", "-c", "true"  ]
-
+  command: ["/bin/sh", "-c", "true"]
 env:
   - name: LOG_LEVEL
     value: "3"
-
 imagePullSecrets:
   - name: gitlab-pull-secret
-
 nameOverride: ""
 fullnameOverride: ""
-
 serviceAccount:
   create: true
   # Annotations to add to the service account
@@ -31,24 +25,19 @@ serviceAccount:
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
-
 podAnnotations: {}
-
 podSecurityContext:
   fsGroup: 2000
-
 securityContext:
   capabilities:
     drop:
-    - ALL
+      - ALL
   readOnlyRootFilesystem: false
   runAsNonRoot: true
   runAsUser: 1000
-
 service:
   type: ClusterIP
   port: 8085
-
 ingress:
   enabled: true
   className: "nginx"
@@ -62,33 +51,30 @@ ingress:
           pathType: ImplementationSpecific
   tls:
     - hosts:
-       - atlantis.srv.oceanbox.io
+        - atlantis.srv.oceanbox.io
       secretName: atlantis-tls
-
 persistence:
   enabled: false
   size: 1G
   storageClass: ""
   accessMode: ReadWriteOnce
-
 cluster:
   enabled: false
   instances: 2
   backupEnabled: true
   backupRetention: 60d
   size: 5Gi
-
 resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
 
 autoscaling:
   enabled: false
@@ -96,9 +82,6 @@ autoscaling:
   maxReplicas: 100
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
-
 nodeSelector: {}
-
 tolerations: []
-
 affinity: {}

charts/busynix/values.yaml

@@ -36,7 +36,7 @@ service:
   type: ClusterIP
   port: 8000
 ingress:
-  enabled: true
+  enabled: false
   className: nginx
   annotations:
     nginx.ingress.kubernetes.io/ssl-redirect: "true"

charts/hipster/.helmignore

@@ -20,3 +20,7 @@
 .idea/
 *.tmproj
 .vscode/
+base/
+prod/
+staging/
+review/

charts/hipster/Chart.yaml

@@ -1,7 +1,6 @@
 apiVersion: v2
 name: hipster
 description: A Helm chart for Kubernetes
-
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,11 +10,9 @@ description: A Helm chart for Kubernetes
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.0
-
+version: v2.6.4
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.10.0
+appVersion: v2.6.4

charts/hipster/values-prod.yaml

@@ -1,4 +0,0 @@
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    atlantis.oceanbox.io/expose: internal

charts/hipster/values-staging.yaml

@@ -1,7 +0,0 @@
-image:
-  tag:  d3af2100-debug
-
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    atlantis.oceanbox.io/expose: internal

charts/hipster/values.yaml

@@ -3,23 +3,18 @@
 # Declare variables to be passed into your templates.
 
 replicaCount: 1
-
 image:
   repository: registry.gitlab.com/oceanbox/hipster
-  tag: v2.5.0
+  tag: v2.6.4
   pullPolicy: IfNotPresent
-
 init:
   enabled: false
   image: ubuntu:rolling
-  command: [ "/bin/sh", "-c", "true"  ]
-
+  command: ["/bin/sh", "-c", "true"]
 imagePullSecrets:
   - name: gitlab-pull-secret
-
 nameOverride: ""
 fullnameOverride: ""
-
 serviceAccount:
   create: true
   # Annotations to add to the service account
@@ -27,24 +22,19 @@ serviceAccount:
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
-
 podAnnotations: {}
-
 podSecurityContext:
   fsGroup: 2001
-
 securityContext:
   capabilities:
     drop:
-    - ALL
+      - ALL
   readOnlyRootFilesystem: false
   runAsNonRoot: true
   runAsUser: 2001
-
 service:
   type: ClusterIP
   port: 8085
-
 ingress:
   enabled: false
   className: "nginx"
@@ -58,27 +48,25 @@ ingress:
           pathType: ImplementationSpecific
   tls:
     - hosts:
-       - hipster.srv.oceanbox.io
+        - hipster.srv.oceanbox.io
       secretName: hipster-tls
-
 persistence:
   enabled: false
   # existingClaim: oceanbox-archives
   # size: 10G
   # storageClass: ""
   # accessMode: ReadWriteMany
-
 resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
 
 autoscaling:
   enabled: false
@@ -86,10 +74,6 @@ autoscaling:
   maxReplicas: 100
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
-
 nodeSelector: {}
-
 tolerations: []
-
 affinity: {}
-

charts/osm-tile-server/.helmignore

@@ -20,3 +20,7 @@
 .idea/
 *.tmproj
 .vscode/
+base/
+prod/
+staging/
+review/

charts/petimeter/.helmignore

@@ -20,3 +20,7 @@
 .idea/
 *.tmproj
 .vscode/
+base/
+prod/
+staging/
+review/

charts/petimeter/Chart.yaml

@@ -1,7 +1,6 @@
 apiVersion: v2
 name: petimeter
 description: A Helm chart for Kubernetes
-
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,11 +10,9 @@ description: A Helm chart for Kubernetes
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.0
-
+version: v1.9.8
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.10.0
+appVersion: v1.9.8

charts/petimeter/base/deployment_patch.yaml

@@ -16,7 +16,4 @@
   value:
     name: acl
     configMap:
-      name: petimeter-acl
-- op: add
-  path: /spec/template/spec/containers/0/envFrom
-  value: []
+      name: petimeter-acl

charts/petimeter/base/kustomization.yaml

@@ -1,10 +1,16 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: oceanbox
 patches:
   - target:
       version: v1
       group: apps
       kind: Deployment
+      name: petimeter
     path: deployment_patch.yaml
+# configMapGenerator:
+#   - name: petimeter-acl
+#     files:
+#       - acl.json
 resources:
-  - _manifest.yaml
+  - _manifest.yaml

charts/petimeter/prod/appsettings.json

@@ -1,31 +0,0 @@
-{
-    "oidc": {
-        "issuer": "https://idp.srv.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.srv.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.srv.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.srv.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.srv.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.srv.oceanbox.io/dex/device/code",
-        "clientId": "petimeter",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.srv.oceanbox.io/dex/static/logout.html",
-        "redis": "prod-redis-master.redis.svc,user=default,password=secret",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "allowedOrigins": [
-        "https://maps.oceanbox.io",
-        "https://atlantis.srv.oceanbox.io"
-    ],
-    "logService" : "https://seq.oceanbox.io",
-    "logApiKey": ""
-}